629248 – (CVE-2017-13716) sys-devel/gcc-? via libiberty : binutils denial of service (excessive memory allocation and application crash) via a crafted file (CVE-2017-13716)

Bug 629248 (CVE-2017-13716) - sys-devel/gcc-? via libiberty : binutils denial of service (excessive memory allocation and application crash) via a crafted file (CVE-2017-13716)

Summary: sys-devel/gcc-? via libiberty : binutils denial of service (excessive memory ...

Status:	RESOLVED FIXED

Alias:	CVE-2017-13716

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://sourceware.org/bugzilla/show_...
Whiteboard:	A3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-08-29 00:46 UTC by D'juan McDonald (domhnall)
Modified:	2021-01-12 18:42 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-08-29 00:46:58 UTC

From ${URL}:

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Upstream Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22009

CVE Details: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13716

Comment 1 Andreas K. Hüttel archtester

2017-09-15 18:56:17 UTC

2.29 only just got keyworded, so let's give it some waiting time.

Comment 2 Andreas K. Hüttel archtester

2017-10-04 10:08:30 UTC

From upstream: 

  This is a bug in the C++ demangler, which is part of the libiberty sources.
  These sources are managed by the GCC project, so please could you refile
  this bug report with the GCC bugzilla system ?  Thanks.

Comment 3 Yury German Gentoo Infrastructure

2019-03-12 05:48:50 UTC

This should be ready to close. Please confirm.

Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev

2019-12-29 14:45:52 UTC

ok to close

Comment 5 Andreas K. Hüttel archtester

2021-01-12 18:05:45 UTC

@security: please close

Comment 6 Sam James archtester

2021-01-12 18:42:50 UTC

Long obsolete.